Understanding Flash Loans: The Pros and Cons of This Weird DeFi Trend
Have you ever wondered how someone can borrow millions of dollars in capital anonymously and without any collateral in just a matter of seconds? Well, for anyone with a background in finance, this may sound completely insane. However, this is exactly what flash loans are!
While it may seem like an easy way to obtain capital, there is a caveat when borrowing through this method: the borrowed amount must be repaid with interest within a matter of seconds after being withdrawn.
Yes, this may sound even crazier, for what is the point of having $100 million for 10 seconds?
In this article, we will explore the workings of flash loans and how they are made possible through the use of blockchain technology and decentralized finance.
To understand exactly how they work, let us first make a quick recap on how blockchains function.
Blockchains, in simple terms, are decentralized and distributed databases. Depending on whether the blockchain is proof of work or proof of stake, minors or validators are used to confirm transactions that are valid, and create new blocks to maintain blockchain security and integrity.
Each transaction represents alterations to the database either by changing, adding or removing data. Transactions are then bundled in blocks for validators to validate or miners to mine to make blockchains more efficient and process more transactions simultaneously.
Flash loans are executed through smart contracts on blockchain platforms like Ethereum. A flash loan simply represents a top-level transaction, which consists of several sub-transactions.
When utilizing a flash loan, the initial sub-transaction involves transferring the borrowed funds to your designated address. Subsequent sub-transactions may involve a series of transactions aimed at generating profit from the borrowed funds. However, the final sub-transaction must always involve the repayment of the loan amount plus interest.
It’s crucial to note that in order for a flash loan to be successful and for the borrowed funds to be obtained, the repayment with interest must be made within the same transaction block. Failure to do so will result in an error and the transaction will be canceled.
This brings us back to the atomicity property of smart contracts, which states that the top-level transaction can only succeed if each sub-transaction under it succeeds.
In a flash loan transaction, you can interact with any protocol you like, in whatever way and order. However, you cannot move the borrowed funds outside of the blockchain network. Otherwise, you would be able to take the funds and disappear, as the loan is uncollateralized and anonymous.
Nevertheless, if the transaction is successfully completed, the lender will get their money back with interest on top, and you get to keep the extra profits you did between borrowing and returning the borrowed funds. The whole transaction will then be added to the blockchain and become immutable.
Flash Loan Arbitrage
What confuses most people about flash loans is how users can, in only one transaction, successfully return the full amount with the interest while keeping the remaining profit. Many flash loan use-cases exist where profit can be made in one transaction, most notably arbitrage.
Arbitrage is the leveraging of price differences for the same asset across different money markets in an attempt to make a profit.
To illustrate with a simple example, consider the scenario where Person A is selling a burger for $5, while Person B is willing to pay $10 for a burger. By capitalizing on this opportunity and purchasing the burger from Person A, then selling it to Person B for a profit of $5, you have successfully executed an arbitrage trade. This is what arbitrage is in a nutshell.
On the blockchain, a user who finds a platform selling Bitcoin at $20,000 and another platform that buys Bitcoin at $21,000 can, in one transaction, take advantage of this price difference by borrowing the needed funds from a flash loan protocol, purchasing a Bitcoin on the first platform and selling it on the second platform. Then, within the same transaction, the user returns the borrowed funds with the transaction fee and pockets the remaining profit.
Flash Loan Risks
Flash loans have become a popular DeFi product, as they allow traders to quickly execute arbitrage and other legitimate trading activities without having to lock up a large amount capital.
Knowing that arbitrage helps keep prices in equilibrium among different platforms, flash loans are also considered market stabilizers. Nonetheless, they have also been used for abusive activities like price manipulation, exploitation of vulnerabilities in DeFi protocols, insider trading, and money laundering.
For instance, in the second quarter of 2022 alone, investors lost over USD 2 billion because of malicious flash loan attacks. How do these attacks happen?
The issue lies in giving a huge amount of capital to an unknown investor. The fear of default from the investor is eliminated, thanks to the atomicity property of smart contracts, but the risk lies in the way this huge amount of money is used.
By the source code, flash loans do not care what is done with the capital as long as it is returned, therefore the user is free to use it the way they wish.
Beanstalk Protocol $182 Million Hack
Beanstalk Farms, a stablecoin protocol that is built on Ethereum, was hacked on April 17, 2022. The hacker was able to drain $182 million from the protocol.
The Beanstalk protocol issued decentralized, credit-based stablecoins known as Bean ERC-20 tokens and had a savings smart contract where users deposit the protocol’s tokens and earn rewards like Stalk and Seeds. Stalks bestowed governance rights to its holders, which allowed them to vote on proposals for the protocol.
The attack was categorized as a flash loan attack, where the hacker started the attack by borrowing $1 billion from Aave protocol, a lending protocol that includes flash loan pools. Through different methods, the hacker was able to buy $1 billion worth of stablecoins and swap them to the protocol’s tokens (BEAN) or mirror tokens and deposit them in the protocol’s savings smart contract, therefore, accumulating a large number of Stalks.
These tokens allowed the hacker to acquire more than 67% of voting power and create a malicious proposal to send all the protocol funds (over 180 million USD) to a private Ethereum wallet.
Although there is a certain period of time (usually a week) for the vote to end and the proposal to pass, the hacker was able to create an “emergency situation” that allowed the vote to pass in a single day since he had such a large number of governance tokens.
Once the proposal was passed, the hacker was able to take out the funds and pay back the flash loan and pocket $80 million. With that, the flash loan attack caused a nine-figure loss to investors.
For those who are not familiar with blockchain, a basic example would be a comic book club that is led by a president who holds control over the club’s assets, including the mansion where the club convenes.
The president also happens to be the owner of the majority of the comic books. In this scenario, a hacker identifies an opportunity to borrow a substantial amount of money and purchases all the available comic books worldwide, effectively becoming the president of the club.
The hacker then proceeds to liquidate the mansion and abscond with the funds obtained from the sale.
Considering the circumstances, it can be argued that flash loan hacks raise an important ethical question: Is it responsible to grant an anonymous user such a significant amount of money, regardless of how it will be utilized?
The magnitude of these loans can easily impact the market and affect protocols that are not equipped to handle such attacks.
At the end of the day, flash loans, like any other financial instrument, are not intrinsically ethical or unethical. The way they are used is what determines their ethicality, as these loans can be used for both malicious and legitimate purposes.
Flash loans help markets stay capital efficient and liquidity providers make safe returns on their money. As such, rather than thinking that flash loans are inherently dangerous, DeFi developers should think of building protocols that are not affected by such attacks, implement stronger security measures, and continuously monitor their protocols for possible vulnerabilities.
It is also imperative for users to exercise caution when investing in new digital applications or protocols and conduct their own due diligence before providing funds to avoid falling victims of flash loan attacks.
Are Flash Loans Possible in the Real World?
The reason why flash loans are exclusive to blockchain is that conventional company databases are not integrated into a unified database that allows for the smooth flow of capital between different entities. Conversely, blockchain technology offers a decentralized, shared database that enables all protocols to operate within the same platform.
Consider a hypothetical scenario where a bank and two stock market exchanges are combined into a single, comprehensive database. In this context, the bank could devise a code that enables users to obtain funds via flash loans, which can then be used to make investments in the stock market with the intention of generating profits.
Once the loan has been utilized, the borrowed amount can be returned to the bank. However, as traditional databases are disconnected from each other, the funds lent by the bank remain outside of its database, leading to a loss of contact with the funds.
Sooner or later, with the integration of blockchain and the sharing of data, flash loans are bound to be available as a viable investment strategy.